When we use the -genkey argument the keytool "generates a key pair (a public key and associated private key). Wraps the public key into an X.509 v1 self-signed certificate, which is stored as a single-element certificate chain".

When we use the -selfcert argument the keytool "generates an X.509 v1 self-signed certificate, using keystore information including the private key and public key associated with alias".

If -genkey generates a self signed certificate what does -selfcert do? I can't understand what actually happens between -genkey and -selfcert. What does self sign mean in both the case?